Simplify the default configuration file

After some discussion with the community it was decided to
clean the configuration file from excessive comments and
explicitly configured default values. Also, mod_mam and
mod_http_upload have been added.

The rationale for this is to have a clean and not bloated
configuration file which doesn't scare away newcomers and
which has all features from the Compliance Suite 2018 (XEP-0387)
enabled by default.

For further configuration an admin is encouraged to read the
documentation at https://docs.ejabberd.im/admin/configuration

1 files changed, 63 insertions, 721 deletions

diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index c27622bbb..158d0cde2 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -1,15 +1,16 @@
 ###
-###'              ejabberd configuration file
+###              ejabberd configuration file
 ###
+### The parameters used in this configuration file are explained at
+###
+###       https://docs.ejabberd.im/admin/configuration
 ###
-
-### The parameters used in this configuration file are explained in more detail
-### in the ejabberd Installation and Operation Guide.
-### Please consult the Guide in case of doubts, it is included with
-### your copy of ejabberd, and is also available online at
-### http://www.process-one.net/en/ejabberd/docs/
-
 ### The configuration file is written in YAML.
+### *******************************************************
+### *******           !!! WARNING !!!               *******
+### *******     YAML IS INDENTATION SENSITIVE       *******
+### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
+### *******************************************************
 ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
 ### However, ejabberd treats different literals as different types:
 ###
@@ -23,158 +24,28 @@
 ###   Example of folded string:
 ###   > Art thou not Romeo,
 ###     and a Montague?
+###
 
-###.  =======
-###'  LOGGING
+hosts:
+  - "localhost"
 
-##
-## loglevel: Verbosity of log files generated by ejabberd.
-## 0: No ejabberd log at all (not recommended)
-## 1: Critical
-## 2: Error
-## 3: Warning
-## 4: Info
-## 5: Debug
-##
 loglevel: 4
-
-##
-## rotation: Describe how to rotate logs. Either size and/or date can trigger
-## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
-## does not disable rotation, it instead rotates the file and keeps no previous
-## versions around. Setting size to X rotate log when it reaches X bytes.
-## To disable rotation set the size to 0 and the date to ""
-## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
-## Some examples:
-##  $D0     rotate every night at midnight
-##  $D23    rotate every day at 23:00 hr
-##  $W0D23  rotate every week on Sunday at 23:00 hr
-##  $W5D16  rotate every week on Friday at 16:00 hr
-##  $M1D0   rotate on the first day of every month at midnight
-##  $M5D6   rotate on every 5th day of the month at 6:00 hr
-##
 log_rotate_size: 10485760
 log_rotate_date: ""
 log_rotate_count: 1
-
-##
-## overload protection: If you want to limit the number of messages per second
-## allowed from error_logger, which is a good idea if you want to avoid a flood
-## of messages when system is overloaded, you can set a limit.
-## 100 is ejabberd's default.
 log_rate_limit: 100
 
-###.  ===============
-###'  NODE PARAMETERS
-
-##
-## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
-## identical value on all nodes, and in most cases shouldn't be changed at all from
-## default value.
-##
-## net_ticktime: 60
-
-###.  ================
-###'  SERVED HOSTNAMES
-
-##
-## hosts: Domains served by ejabberd.
-## You can define one or several, for example:
-## hosts:
-##   - "example.net"
-##   - "example.com"
-##   - "example.org"
-##
-hosts:
-  - "localhost"
-
-##
-## route_subdomains: Delegate subdomains to other XMPP servers.
-## For example, if this ejabberd serves example.org and you want
-## to allow communication with an XMPP server called im.example.org.
-##
-## route_subdomains: s2s
+certfiles:
+  - "/etc/letsencrypt/live/*/*.pem"
 
-###.  ============
-###'  Certificates
-
-## List all available PEM files containing certificates for your domains,
-## chains of certificates or certificate keys. Full chains will be built
-## automatically by ejabberd.
-##
-## certfiles:
-##   - "/etc/letsencrypt/live/example.org/*.pem"
-##   - "/etc/letsencrypt/live/example.com/*.pem"
-##
-## If your system provides only a single CA file (CentOS/FreeBSD):
-## ca_file: "/etc/ssl/certs/ca-bundle.pem"
-
-###.  =================
-###'  TLS configuration
-
-## Note that the following configuration is the default
-## configuration of the TLS driver, so you don't need to
-## uncomment it.
-##
-## define_macro:
-##   'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
-##   'TLS_OPTIONS':
-##     - "no_sslv3"
-##     - "cipher_server_preference"
-##     - "no_compression"
-##   'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
-##
-## c2s_dhfile: 'DH_FILE'
-## s2s_dhfile: 'DH_FILE'
-## c2s_ciphers: 'TLS_CIPHERS'
-## s2s_ciphers: 'TLS_CIPHERS'
-## c2s_protocol_options: 'TLS_OPTIONS'
-## s2s_protocol_options: 'TLS_OPTIONS'
-
-###.  ===============
-###'  LISTENING PORTS
-
-##
-## listen: The ports ejabberd will listen on, which service each is handled
-## by and what options to start it with.
-##
 listen:
   -
     port: 5222
     ip: "::"
     module: ejabberd_c2s
-    ##
-    ## If TLS is compiled in and you installed a SSL
-    ## certificate, uncomment this line:
-    ##
-    ## starttls: true
-    ##
-    ## To enforce TLS encryption for client connections,
-    ## use this instead of the "starttls" option:
-    ##
-    ## starttls_required: true
-    ##
-    ## Stream compression
-    ##
-    ## zlib: true
-    ##
     max_stanza_size: 65536
     shaper: c2s_shaper
     access: c2s
-  ##
-  ## Direct-TLS for C2S (XEP-0368). A good practice is to forward
-  ## traffic from port 443 to this port, possibly multiplexing it
-  ## with HTTP using e.g. sslh [https://wiki.xmpp.org/web/Tech_pages/XEP-0368],
-  ## so modern clients can bypass restrictive firewalls (in airports, hotels, etc.).
-  ##
-  ## -
-  ##   port: 5223
-  ##   ip: "::"
-  ##   module: ejabberd_c2s
-  ##   tls: true
-  ##   max_stanza_size: 65536
-  ##   shaper: c2s_shaper
-  ##   access: c2s
   -
     port: 5269
     ip: "::"
@@ -184,429 +55,41 @@ listen:
     ip: "::"
     module: ejabberd_http
     request_handlers:
-      "/ws": ejabberd_http_ws
-      "/bosh": mod_bosh
       "/api": mod_http_api
-    ##  "/pub/archive": mod_http_fileserver
+      "/bosh": mod_bosh
+      "/upload": mod_http_upload
+      "/ws": ejabberd_http_ws
     web_admin: true
-    ## register: true
     captcha: true
 
-  ##
-  ## ejabberd_service: Interact with external components (transports, ...)
-  ##
-  ## -
-  ##   port: 8888
-  ##   ip: "::"
-  ##   module: ejabberd_service
-  ##   access: all
-  ##   shaper_rule: fast
-  ##   ip: "127.0.0.1"
-  ##   privilege_access:
-  ##      roster: "both"
-  ##      message: "outgoing"
-  ##      presence: "roster"
-  ##   delegations:
-  ##      "urn:xmpp:mam:1":
-  ##        filtering: ["node"]
-  ##      "http://jabber.org/protocol/pubsub":
-  ##        filtering: []
-  ##   hosts:
-  ##     "icq.example.org":
-  ##       password: "secret"
-  ##     "sms.example.org":
-  ##       password: "secret"
-
-  ##
-  ## ejabberd_stun: Handles STUN Binding requests
-  ##
-  ## -
-  ##   port: 3478
-  ##   transport: udp
-  ##   module: ejabberd_stun
-
-  ##
-  ## To handle XML-RPC requests that provide admin credentials:
-  ##
-  ## -
-  ##   port: 4560
-  ##   ip: "::"
-  ##   module: ejabberd_xmlrpc
-  ##   maxsessions: 10
-  ##   timeout: 5000
-  ##   access_commands:
-  ##     admin:
-  ##       commands: all
-  ##       options: []
-
-  ##
-  ## To enable secure http upload
-  ##
-  ## -
-  ##   port: 5444
-  ##   ip: "::"
-  ##   module: ejabberd_http
-  ##   request_handlers:
-  ##     "": mod_http_upload
-  ##   tls: true
-  ##   protocol_options: 'TLS_OPTIONS'
-  ##   dhfile: 'DH_FILE'
-  ##   ciphers: 'TLS_CIPHERS'
-
-## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
-## password storage (see auth_password_format option).
-## disable_sasl_mechanisms: "digest-md5"
-
-###.  ==================
-###'  S2S GLOBAL OPTIONS
-
-##
-## s2s_use_starttls: Enable STARTTLS for S2S connections.
-## Allowed values are: false, optional or required
-## You must specify 'certfiles' option
-##
-## s2s_use_starttls: optional
-
-##
-## S2S whitelist or blacklist
-##
-## Default s2s policy for undefined hosts.
-##
-## s2s_access: s2s
-
-##
-## Outgoing S2S options
-##
-## Preferred address families (which to try first) and connect timeout
-## in seconds.
-##
-## outgoing_s2s_families:
-##   - ipv4
-##   - ipv6
-## outgoing_s2s_timeout: 190
-
-###.  ==============
-###'  AUTHENTICATION
-
-##
-## auth_method: Method used to authenticate the users.
-## The default method is the internal.
-## If you want to use a different method,
-## comment this line and enable the correct ones.
-##
-auth_method: internal
-
-##
-## Store the plain passwords or hashed for SCRAM:
-## auth_password_format: plain
-## auth_password_format: scram
-##
-## Define the FQDN if ejabberd doesn't detect it:
-## fqdn: "server3.example.com"
-
-##
-## Authentication using external script
-## Make sure the script is executable by ejabberd.
-##
-## auth_method: external
-## extauth_program: "/path/to/authentication/script"
-
-##
-## Authentication using SQL
-## Remember to setup a database in the next section.
-##
-## auth_method: sql
-
-##
-## Authentication using PAM
-##
-## auth_method: pam
-## pam_service: "pamservicename"
-
-##
-## Authentication using LDAP
-##
-## auth_method: ldap
-##
-## List of LDAP servers:
-## ldap_servers:
-##   - "localhost"
-##
-## Encryption of connection to LDAP servers:
-## ldap_encrypt: none
-## ldap_encrypt: tls
-##
-## Port to connect to on LDAP servers:
-## ldap_port: 389
-## ldap_port: 636
-##
-## LDAP manager:
-## ldap_rootdn: "dc=example,dc=com"
-##
-## Password of LDAP manager:
-## ldap_password: "******"
-##
-## Search base of LDAP directory:
-## ldap_base: "dc=example,dc=com"
-##
-## LDAP attribute that holds user ID:
-## ldap_uids:
-##   - "mail": "%u@mail.example.org"
-##
-## LDAP filter:
-## ldap_filter: "(objectClass=shadowAccount)"
-
-##
-## Anonymous login support:
-##   auth_method: anonymous
-##   anonymous_protocol: sasl_anon | login_anon | both
-##   allow_multiple_connections: true | false
-##
-## host_config:
-##   "public.example.org":
-##     auth_method: anonymous
-##     allow_multiple_connections: false
-##     anonymous_protocol: sasl_anon
-##
-## To use both anonymous and internal authentication:
-##
-## host_config:
-##   "public.example.org":
-##     auth_method:
-##       - internal
-##       - anonymous
-
-###.  ==============
-###'  DATABASE SETUP
-
-## ejabberd by default uses the internal Mnesia database,
-## so you do not necessarily need this section.
-## This section provides configuration examples in case
-## you want to use other database backends.
-## Please consult the ejabberd Guide for details on database creation.
-
-##
-## MySQL server:
-##
-## sql_type: mysql
-## sql_server: "server"
-## sql_database: "database"
-## sql_username: "username"
-## sql_password: "password"
-##
-## If you want to specify the port:
-## sql_port: 1234
-
-##
-## PostgreSQL server:
-##
-## sql_type: pgsql
-## sql_server: "server"
-## sql_database: "database"
-## sql_username: "username"
-## sql_password: "password"
-##
-## If you want to specify the port:
-## sql_port: 1234
-##
-## If you use PostgreSQL, have a large database, and need a
-## faster but inexact replacement for "select count(*) from users"
-##
-## pgsql_users_number_estimate: true
-
-##
-## SQLite:
-##
-## sql_type: sqlite
-## sql_database: "/path/to/database.db"
-
-##
-## ODBC compatible or MSSQL server:
-##
-## sql_type: odbc
-## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
-
-##
-## Number of connections to open to the database for each virtual host
-##
-## sql_pool_size: 10
-
-##
-## Interval to make a dummy SQL request to keep the connections to the
-## database alive. Specify in seconds: for example 28800 means 8 hours
-##
-## sql_keepalive_interval: undefined
-
-##
-## Use the new SQL schema
-##
-## new_sql_schema: true
-
-##
-## A database can also can be used to store information from several
-## modules. To enable storage to the database, just make sure it is 
-## setup above and set default_db: sql if you want to use SQL for
-## all modules.
-##
-## default_db: sql
-
-###.  ===============
-###'  TRAFFIC SHAPERS
-
-shaper:
-  ##
-  ## The "normal" shaper limits traffic speed to 1000 B/s
-  ##
-  normal: 1000
-
-  ##
-  ## The "fast" shaper limits traffic speed to 50000 B/s
-  ##
-  fast: 50000
-
-##
-## This option specifies the maximum number of elements in the queue
-## of the FSM. Refer to the documentation for details.
-##
-max_fsm_queue: 10000
-
-###.   ====================
-###'   ACCESS CONTROL LISTS
 acl:
-  ##
-  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
-  ## You can put here as many accounts as you want.
-  ##
-  ## admin:
-  ##   user:
-  ##     - "aleksey@localhost"
-  ##     - "ermine@example.org"
-  ##
-  ## Blocked users
-  ##
-  ## blocked:
-  ##   user:
-  ##     - "baduser@example.org"
-  ##     - "test"
-
-  ## Local users: don't modify this.
-  ##
   local:
     user_regexp: ""
-
-  ##
-  ## More examples of ACLs
-  ##
-  ## jabberorg:
-  ##   server:
-  ##     - "jabber.org"
-  ## aleksey:
-  ##   user:
-  ##     - "aleksey@jabber.ru"
-  ## test:
-  ##   user_regexp: "^test"
-  ##   user_glob: "test*"
-
-  ##
-  ## Loopback network
-  ##
   loopback:
     ip:
       - "127.0.0.0/8"
       - "::1/128"
       - "::FFFF:127.0.0.1/128"
 
-  ##
-  ## Bad XMPP servers
-  ##
-  ## bad_servers:
-  ##   server:
-  ##     - "xmpp.zombie.org"
-  ##     - "xmpp.spam.com"
-
-##
-## Define specific ACLs in a virtual host.
-##
-## host_config:
-##   "localhost":
-##     acl:
-##       admin:
-##         user:
-##           - "bob-local@localhost"
-
-###.  ============
-###'  SHAPER RULES
-
-shaper_rules:
-  ## Maximum number of simultaneous sessions allowed for a single user:
-  max_user_sessions: 10
-  ## Maximum number of offline messages that users can have:
-  max_user_offline_messages:
-    - 5000: admin
-    - 100
-  ## For C2S connections, all users except admins use the "normal" shaper
-  c2s_shaper:
-    - none: admin
-    - normal
-  ## All S2S connections use the "fast" shaper
-  s2s_shaper: fast
-
-###.  ============
-###'  ACCESS RULES
 access_rules:
-  ## This rule allows access only for local users:
   local:
     - allow: local
-  ## Only non-blocked users can use c2s connections:
   c2s:
     - deny: blocked
     - allow
-  ## Only admins can send announcement messages:
   announce:
     - allow: admin
-  ## Only admins can use the configuration interface:
   configure:
     - allow: admin
-  ## Only accounts of the local ejabberd server can create rooms:
   muc_create:
     - allow: local
-  ## Only accounts on the local ejabberd server can create Pubsub nodes:
   pubsub_createnode:
     - allow: local
-  ## In-band registration allows registration of any possible username.
-  ## To disable in-band registration, replace 'allow' with 'deny'.
   register:
     - allow
-  ## Only allow to register from localhost
   trusted_network:
     - allow: loopback
-  ## Do not establish S2S connections with bad servers
-  ## If you enable this you also have to uncomment "s2s_access: s2s"
-  ## s2s:
-  ##   - deny:
-  ##     - ip: "XXX.XXX.XXX.XXX/32"
-  ##   - deny:
-  ##     - ip: "XXX.XXX.XXX.XXX/32"
-  ##   - allow
 
-## ===============
-## API PERMISSIONS
-## ===============
-##
-## This section allows you to define who and using what method
-## can execute commands offered by ejabberd.
-##
-## By default "console commands" section allow executing all commands
-## issued using ejabberdctl command, and "admin access" section allows
-## users in admin acl that connect from 127.0.0.1 to  execute all
-## commands except start and stop with any available access method
-## (ejabberdctl, http-api, xmlrpc depending what is enabled on server).
-##
-## If you remove "console commands" there will be one added by
-## default allowing executing all commands, but if you just change
-## permissions in it, version from config file will be used instead
-## of default one.
-##
 api_permissions:
   "console commands":
     from:
@@ -636,154 +119,68 @@ api_permissions:
       - "status"
       - "connected_users_number"
 
-## By default the frequency of account registrations from the same IP
-## is limited to 1 account every 10 minutes. To disable, specify: infinity
-## registration_timeout: 600
-  
-##
-## Define specific Access Rules in a virtual host.
-##
-## host_config:
-##   "localhost":
-##     access:
-##       c2s:
-##         - allow: admin
-##         - deny
-##       register:
-##         - deny
-
-###.  ================
-###'  DEFAULT LANGUAGE
-
-##
-## language: Default language used for server messages.
-##
-language: "en"
-
-##
-## Set a different default language in a virtual host.
-##
-## host_config:
-##   "localhost":
-##     language: "ru"
-
-###.  =======
-###'  CAPTCHA
-
-##
-## Full path to a script that generates the image.
-##
-## captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"
-
-##
-## Host for the URL and port where ejabberd listens for CAPTCHA requests.
-##
-## captcha_host: "example.org:5280"
-
-##
-## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
-##
-## captcha_limit: 5
-
-###.  ====
-###'  ACME
-##
-## In order to use the acme certificate acquiring through "Let's Encrypt"
-## an http listener has to be configured to listen to port 80 so that
-## the authorization challenges posed by "Let's Encrypt" can be solved.
-## 
-## A simple way of doing this would be to add the following in the listening
-## section and to configure port forwarding from 80 to 5280 either via NAT
-## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc.
-##   - 
-##    port: 5280
-##    ip: "::"
-##    module: ejabberd_http
-
-acme:
-
-   ## A contact mail that the ACME Certificate Authority can contact in case of
-   ## an authorization issue, such as a server-initiated certificate revocation.
-   ## It is not mandatory to provide an email address but it is highly suggested.
-   contact: "mailto:example-admin@example.com"
-
-
-   ## The ACME Certificate Authority URL.
-   ## This could either be:
-   ##   - https://acme-v01.api.letsencrypt.org - (Default) for the production CA
-   ##   - https://acme-staging.api.letsencrypt.org - for the staging CA
-   ##   - http://localhost:4000 - for a local version of the CA
-   ca_url: "https://acme-v01.api.letsencrypt.org"
+shaper:
+  normal: 1000
+  fast: 50000
 
-###.  =======
-###'  MODULES
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  c2s_shaper:
+    - none: admin
+    - normal
+  s2s_shaper: fast
 
-##
-## Modules enabled in all ejabberd virtual hosts.
-##
 modules:
   mod_adhoc: {}
   mod_admin_extra: {}
-  mod_announce: # recommends mod_adhoc
+  mod_announce:
     access: announce
-  mod_blocking: {} # requires mod_privacy
+  mod_avatar: {}
+  mod_blocking: {}
+  mod_bosh: {}
   mod_caps: {}
   mod_carboncopy: {}
   mod_client_state: {}
-  mod_configure: {} # requires mod_adhoc
-  ## mod_delegation: {} # for xep0356
+  mod_configure: {}
   mod_disco: {}
-  mod_echo: {}
-  mod_bosh: {}
-  ## mod_http_fileserver:
-  ##   docroot: "/var/www"
-  ##   accesslog: "/var/log/ejabberd/access.log"
-  ## mod_http_upload:
-  ##   # docroot: "@HOME@/upload"
-  ##   put_url: "https://@HOST@:5444"
-  ##   thumbnail: false # otherwise needs ejabberd to be compiled with libgd support
-  ## mod_http_upload_quota:
-  ##   max_days: 30
+  mod_fail2ban: {}
+  mod_http_api: {}
+  mod_http_upload:
+    put_url: "http://@HOST@:5280/upload"
   mod_last: {}
-  ## XEP-0313: Message Archive Management
-  ## You might want to setup a SQL backend for MAM because the mnesia database is
-  ## limited to 2GB which might be exceeded on large servers
-  ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
+  mod_mam:
+    ## Mnesia is limited to 2GB, better to use an SQL backend
+    ## For small servers SQLite is a good fit and is very easy
+    ## to configure. Uncomment this when you have SQL configured:
+    ## db_type: sql
+    assume_mam_usage: true
+    default: always
   mod_muc:
-    ## host: "conference.@HOST@"
     access:
       - allow
     access_admin:
       - allow: admin
     access_create: muc_create
     access_persistent: muc_create
+    default_room_options:
+      mam: true
   mod_muc_admin: {}
-  ## mod_muc_log: {}
-  ## mod_multicast: {}
   mod_offline:
     access_max_user_messages: max_user_offline_messages
   mod_ping: {}
-  ## mod_pres_counter:
-  ##   count: 5
-  ##   interval: 60
   mod_privacy: {}
   mod_private: {}
-  ## mod_proxy65: {}
   mod_pubsub:
     access_createnode: pubsub_createnode
-    ## reduces resource comsumption, but XEP incompliant
-    ignore_pep_from_offline: true
-    ## XEP compliant, but increases resource comsumption
-    ## ignore_pep_from_offline: false
-    last_item_cache: false
     plugins:
       - "flat"
-      - "hometree"
-      - "pep" # pep requires mod_caps
+      - "pep"
     force_node_config:
-      ## Avoid using OMEMO by default because it
-      ## introduces a lot of hard-to-track problems.
-      ## Comment out the following lines to enable OMEMO support
+      ## Uncomment the following lines to enable OMEMO support
+      ## See https://github.com/processone/ejabberd/issues/2425
       "eu.siacs.conversations.axolotl.*":
         access_model: whitelist
       ## Avoid buggy clients to make their bookmarks public
@@ -791,82 +188,27 @@ modules:
         access_model: whitelist
   mod_push: {}
   mod_push_keepalive: {}
-  ## mod_register:
-    ##
-    ## Protect In-Band account registrations with CAPTCHA.
-    ##
-    ##   captcha_protected: true
-    ##
-    ## Set the minimum informational entropy for passwords.
-    ##
-    ##   password_strength: 32
-    ##
-    ## After successful registration, the user receives
-    ## a message with this subject and body.
-    ##
-    ##   welcome_message:
-    ##     subject: "Welcome!"
-    ##     body: |-
-    ##       Hi.
-    ##       Welcome to this XMPP server.
-    ##
-    ## When a user registers, send a notification to
-    ## these XMPP accounts.
-    ##
-    ##   registration_watchers:
-    ##     - "admin1@example.org"
-    ##
-    ## Only clients in the server machine can register accounts
-    ##
-    ##   ip_access: trusted_network
-    ##
-    ## Local c2s or remote s2s users cannot register accounts
-    ##
-    ##   access_from: deny
-    ##   access: register
+  mod_register:
+    ## Only accept registration requests from the "trusted"
+    ## network (see access_rules section above).
+    ## Think twice before enabling registration from any
+    ## address. See the Jabber SPAM Manifesto for details:
+    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
+    ip_access: trusted_network
   mod_roster: {}
+  mod_s2s_dialback: {}
   mod_shared_roster: {}
   mod_stats: {}
+  mod_stream_mgmt:
+    resend_on_timeout: if_offline
   mod_time: {}
   mod_vcard:
     search: false
   mod_vcard_xupdate: {}
-  mod_avatar: {}
-  mod_version: {}
-  mod_stream_mgmt: {}
-  ##   Non-SASL Authentication (XEP-0078) is now disabled by default
-  ##   because it's obsoleted and is used mostly by abandoned
-  ##   client software
-  ## mod_legacy_auth: {}
-  ##   The module for S2S dialback (XEP-0220). Please note that you cannot
-  ##   rely solely on dialback if you want to federate with other servers,
-  ##   because a lot of servers have dialback disabled and instead rely on
-  ##   PKIX authentication. Make sure you have proper certificates installed
-  ##   and check your accessibility at https://check.messaging.one/
-  mod_s2s_dialback: {}
-  mod_http_api: {}
-  mod_fail2ban: {}
-
-##
-## Enable modules with custom options in a specific virtual host
-##
-## host_config:
-##   "localhost":
-##     modules:
-##       mod_echo:
-##         host: "mirror.localhost"
-
-##
-## Enable modules management via ejabberdctl for installation and
-## uninstallation of public/private contributed modules
-## (enabled by default)
-##
-
-allow_contrib_modules: true
+  mod_version:
+    show_os: false
 
-###.
-###'
 ### Local Variables:
 ### mode: yaml
 ### End:
-### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
+### vim: set filetype=yaml tabstop=8